From ae73e2081d5b56b8361c4b3a01cc5c70487b6587 Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 10:59:02 +0200 Subject: [PATCH 1/7] performance enhancement for firewall rule size --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 61 +++++++++++++++++--- SourceCode/arduino/lib/Firewall/Firewall.h | 33 ++++++++--- 2 files changed, 79 insertions(+), 15 deletions(-) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index 276e2c9..fa07e7d 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -7,6 +7,52 @@ ESPFirewall::ESPFirewall(int port) this->setup_routing(); } +String ESPFirewall::protocol_to_string(firewall_protocol_t &protocol) +{ + switch (protocol) + { + case FW_TCP: + return "TCP"; + case FW_UDP: + return "UDP"; + default: + return "ALL"; + } +} + +firewall_protocol_t ESPFirewall::string_to_protocol(String &protocol) +{ + if (protocol.equals("TCP")) + return FW_TCP; + else if (protocol.equals("UDP")) + return FW_UDP; + else + return FW_ALL; +} + +String ESPFirewall::target_to_string(firewall_target_t &target) +{ + switch (target) + { + case FW_REJECT: + return "REJECT"; + case FW_DROP: + return "DROP"; + default: + return "ACCEPT"; + } +} + +firewall_target_t ESPFirewall::string_to_target(String &target) +{ + if (target.equals("REJECT")) + return FW_REJECT; + else if (target.equals("DROP")) + return FW_DROP; + else + return FW_ACCEPT; +} + void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule) { firewall_rule_t *temp; @@ -113,8 +159,8 @@ String ESPFirewall::construct_json_firewall_rule(firewall_rule_t *rule_ptr) doc["key"] = rule_ptr->key; doc["source"] = rule_ptr->source; doc["destination"] = rule_ptr->destination; - doc["protocol"] = rule_ptr->protocol; - doc["target"] = rule_ptr->target; + doc["protocol"] = protocol_to_string(rule_ptr->protocol); + doc["target"] = target_to_string(rule_ptr->target); String response; serializeJson(doc, response); return response; @@ -123,7 +169,7 @@ String ESPFirewall::construct_json_firewall_rule(firewall_rule_t *rule_ptr) String ESPFirewall::construct_json_firewall() { firewall_rule_t *rule_ptr = this->head; - // Size for 12 Rules + // Size for max 12 Rules StaticJsonDocument<2048> doc; String response; doc["amount"] = amount_of_rules; @@ -134,8 +180,8 @@ String ESPFirewall::construct_json_firewall() rule["key"] = rule_ptr->key; rule["source"] = rule_ptr->source; rule["destination"] = rule_ptr->destination; - rule["protocol"] = rule_ptr->protocol; - rule["target"] = rule_ptr->target; + rule["protocol"] = protocol_to_string(rule_ptr->protocol); + rule["target"] = target_to_string(rule_ptr->target); rule_ptr = rule_ptr->next; } serializeJson(doc, response); @@ -184,10 +230,11 @@ void ESPFirewall::post_firewall_handler(AsyncWebServerRequest *request) strcpy(rule_ptr->source, source.length() <= IP4ADDR_STRLEN_MAX ? source.c_str() : ""); String destination = request->getParam("destination")->value(); strcpy(rule_ptr->destination, destination.length() <= IP4ADDR_STRLEN_MAX ? destination.c_str() : ""); + String protocol = request->getParam("protocol")->value(); - strcpy(rule_ptr->protocol, protocol.length() <= PROTOCOL_LENGTH ? protocol.c_str() : ""); + rule_ptr->protocol = string_to_protocol(protocol); String target = request->getParam("target")->value(); - strcpy(rule_ptr->target, target.length() <= TARGET_LENGTH ? target.c_str() : ""); + rule_ptr->target = string_to_target(target); add_rule_to_firewall(rule_ptr); request->send(200, "application/json", construct_json_firewall_rule(rule_ptr)); diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h index 7ed2ab7..96ec643 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.h +++ b/SourceCode/arduino/lib/Firewall/Firewall.h @@ -13,30 +13,47 @@ #endif #include "ESPAsyncWebServer.h" -#define PROTOCOL_LENGTH 4 -#define TARGET_LENGTH 7 +typedef enum +{ + FW_REJECT = 0b0001, + FW_DROP = 0b0010, + FW_ACCEPT = 0b0011, +} firewall_target_t; + +typedef enum +{ + FW_TCP = 0b0001, + FW_UDP = 0b0010, + FW_ALL = 0b1111, +} firewall_protocol_t; typedef struct firewall_rule { - int key; + uint8_t key; char source[IP4ADDR_STRLEN_MAX]; char destination[IP4ADDR_STRLEN_MAX]; - char protocol[PROTOCOL_LENGTH]; - char target[TARGET_LENGTH]; + firewall_protocol_t protocol; + firewall_target_t target; struct firewall_rule *next; } firewall_rule_t; class ESPFirewall { - unsigned int amount_of_rules = 0; + uint8_t amount_of_rules = 0; struct firewall_rule *head = NULL; AsyncWebServer *firewall_api; + // Protocol / Target conversion + String protocol_to_string(firewall_protocol_t &); + firewall_protocol_t string_to_protocol(String &); + String target_to_string(firewall_target_t &); + firewall_target_t string_to_target(String &); + // Firewall Actions void add_rule_to_firewall(firewall_rule_t *); - firewall_rule_t *get_rule_from_firewall(int key); - bool delete_rule_from_firewall(int key); + firewall_rule_t *get_rule_from_firewall(int); + bool delete_rule_from_firewall(int); // Firewall-API Actions void setup_routing(); From d269eff8ee3f1984e389d01387500b8a190de99f Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 11:16:01 +0200 Subject: [PATCH 2/7] communicating with eeprom --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 19 +++++++++++++++++++ SourceCode/arduino/lib/Firewall/Firewall.h | 6 ++++++ 2 files changed, 25 insertions(+) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index fa07e7d..a6fc841 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -53,6 +53,25 @@ firewall_target_t ESPFirewall::string_to_target(String &target) return FW_ACCEPT; } +void ESPFirewall::write_rule_to_eeprom(firewall_rule_t *rule) +{ + EEPROM.put(this->eeprom_address, rule->source); + this->eeprom_address + IP4ADDR_STRLEN_MAX; + EEPROM.put(this->eeprom_address, rule->destination); + this->eeprom_address + IP4ADDR_STRLEN_MAX; + EEPROM.put(this->eeprom_address, rule->protocol); + this->eeprom_address + sizeof(rule->protocol); + EEPROM.put(this->eeprom_address, rule->target); + this->eeprom_address + sizeof(rule->target); +} + +void ESPFirewall::get_rules_from_eeprom() +{ + int temp_eeprom_address = 0; + char source[IP4ADDR_STRLEN_MAX]; + EEPROM.get(temp_eeprom_address, source); +} + void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule) { firewall_rule_t *temp; diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h index 96ec643..41ee6e6 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.h +++ b/SourceCode/arduino/lib/Firewall/Firewall.h @@ -4,6 +4,7 @@ #include "Arduino.h" #include "AsyncJson.h" #include "ArduinoJson.h" +#include "EEPROM.h" #ifdef ESP32 #include "WiFi.h" #include "AsyncTCP.h" @@ -40,6 +41,7 @@ typedef struct firewall_rule class ESPFirewall { uint8_t amount_of_rules = 0; + int eeprom_address = 0; struct firewall_rule *head = NULL; AsyncWebServer *firewall_api; @@ -50,6 +52,10 @@ class ESPFirewall String target_to_string(firewall_target_t &); firewall_target_t string_to_target(String &); + // EEPROM + void write_rule_to_eeprom(firewall_rule_t *rule); + void get_rules_from_eeprom(); + // Firewall Actions void add_rule_to_firewall(firewall_rule_t *); firewall_rule_t *get_rule_from_firewall(int); From d7520c15fd5009bfd4dba727fb4978417e62dde4 Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 13:11:02 +0200 Subject: [PATCH 3/7] store amount of rules in eeprom --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 74 +++++++++++++++----- SourceCode/arduino/lib/Firewall/Firewall.h | 10 ++- SourceCode/arduino/src/main.cpp | 5 +- 3 files changed, 66 insertions(+), 23 deletions(-) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index a6fc841..ef56373 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -2,6 +2,7 @@ ESPFirewall::ESPFirewall(int port) { + this->setup_eeprom(); log_i("Starting Firewall-API on %i", port); this->firewall_api = new AsyncWebServer(port); this->setup_routing(); @@ -53,23 +54,57 @@ firewall_target_t ESPFirewall::string_to_target(String &target) return FW_ACCEPT; } -void ESPFirewall::write_rule_to_eeprom(firewall_rule_t *rule) +void ESPFirewall::setup_eeprom() { - EEPROM.put(this->eeprom_address, rule->source); - this->eeprom_address + IP4ADDR_STRLEN_MAX; - EEPROM.put(this->eeprom_address, rule->destination); - this->eeprom_address + IP4ADDR_STRLEN_MAX; - EEPROM.put(this->eeprom_address, rule->protocol); - this->eeprom_address + sizeof(rule->protocol); - EEPROM.put(this->eeprom_address, rule->target); - this->eeprom_address + sizeof(rule->target); + EEPROM.begin(this->eeprom_size); + this->eeprom_settings_head = 0; + this->amount_of_rules = EEPROM.readUChar(this->eeprom_settings_head); + this->eeprom_rules_head = sizeof(this->amount_of_rules); + log_i("Amount of Rules %i", this->amount_of_rules); } -void ESPFirewall::get_rules_from_eeprom() +void ESPFirewall::eeprom_write_settings() { - int temp_eeprom_address = 0; - char source[IP4ADDR_STRLEN_MAX]; - EEPROM.get(temp_eeprom_address, source); + EEPROM.writeUChar(this->eeprom_settings_head, this->amount_of_rules); + EEPROM.commit(); +} + +void ESPFirewall::eeprom_write_firewall_rule(firewall_rule_t *rule_ptr) +{ + EEPROM.writeUChar(this->eeprom_settings_head, this->amount_of_rules); + EEPROM.writeString(this->eeprom_rules_head, rule_ptr->source); + this->eeprom_rules_head += IP4ADDR_STRLEN_MAX; + EEPROM.writeString(this->eeprom_rules_head, rule_ptr->destination); + this->eeprom_rules_head += IP4ADDR_STRLEN_MAX; + EEPROM.writeUChar(this->eeprom_rules_head, rule_ptr->protocol); + this->eeprom_rules_head += sizeof(firewall_protocol_t); + EEPROM.writeUChar(this->eeprom_rules_head, rule_ptr->target); + this->eeprom_rules_head += sizeof(firewall_target_t); + EEPROM.commit(); + // eeprom_read_firewall_rules(); +} + +void ESPFirewall::eeprom_read_firewall_rules() +{ + int eeprom_address = sizeof(this->amount_of_rules); + firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t)); + + strcpy(rule_ptr->source, EEPROM.readString(eeprom_address).c_str()); + eeprom_address += IP4ADDR_STRLEN_MAX; + strcpy(rule_ptr->destination, EEPROM.readString(eeprom_address).c_str()); + eeprom_address += IP4ADDR_STRLEN_MAX; + // rule_ptr->protocol = firewall_protocol_t(EEPROM.readUChar(eeprom_address)); + // eeprom_address += sizeof(rule_ptr->protocol); + // rule_ptr->target = firewall_target_t(EEPROM.readUChar(eeprom_address)); + // eeprom_address += sizeof(rule_ptr->target); + log_i("Amount: %i, Source: %s, Destination: %s, Protocol: %s, Target: %s", + this->amount_of_rules, + rule_ptr->source, + rule_ptr->destination, + rule_ptr->protocol, + rule_ptr->target); + + free(rule_ptr); } void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule) @@ -114,7 +149,7 @@ firewall_rule_t *ESPFirewall::get_rule_from_firewall(int key) bool ESPFirewall::delete_rule_from_firewall(int key) { - if (head == NULL) + if (this->head == NULL) { return false; } @@ -133,10 +168,10 @@ bool ESPFirewall::delete_rule_from_firewall(int key) current_rule_ptr = current_rule_ptr->next; } } - if (current_rule_ptr == head) + if (current_rule_ptr == this->head) { - head = head->next; - temp = head; + this->head = head->next; + temp = this->head; } else { @@ -149,7 +184,8 @@ bool ESPFirewall::delete_rule_from_firewall(int key) temp = temp->next; } free(current_rule_ptr); - amount_of_rules--; + this->amount_of_rules--; + this->eeprom_write_settings(); return true; } @@ -191,7 +227,6 @@ String ESPFirewall::construct_json_firewall() // Size for max 12 Rules StaticJsonDocument<2048> doc; String response; - doc["amount"] = amount_of_rules; JsonArray rules = doc.createNestedArray("rules"); while (rule_ptr != NULL) { @@ -256,6 +291,7 @@ void ESPFirewall::post_firewall_handler(AsyncWebServerRequest *request) rule_ptr->target = string_to_target(target); add_rule_to_firewall(rule_ptr); + eeprom_write_firewall_rule(rule_ptr); request->send(200, "application/json", construct_json_firewall_rule(rule_ptr)); } else diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h index 41ee6e6..1398a82 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.h +++ b/SourceCode/arduino/lib/Firewall/Firewall.h @@ -40,8 +40,10 @@ typedef struct firewall_rule class ESPFirewall { + uint16_t eeprom_size = 512; uint8_t amount_of_rules = 0; - int eeprom_address = 0; + int eeprom_settings_head; + int eeprom_rules_head; struct firewall_rule *head = NULL; AsyncWebServer *firewall_api; @@ -53,8 +55,10 @@ class ESPFirewall firewall_target_t string_to_target(String &); // EEPROM - void write_rule_to_eeprom(firewall_rule_t *rule); - void get_rules_from_eeprom(); + void setup_eeprom(); + void eeprom_write_settings(); + void eeprom_write_firewall_rule(firewall_rule_t *rule); + void eeprom_read_firewall_rules(); // Firewall Actions void add_rule_to_firewall(firewall_rule_t *); diff --git a/SourceCode/arduino/src/main.cpp b/SourceCode/arduino/src/main.cpp index 618f54f..f01a7ad 100644 --- a/SourceCode/arduino/src/main.cpp +++ b/SourceCode/arduino/src/main.cpp @@ -8,12 +8,15 @@ ESPFirewall *firewall; void setup_wifi() { + uint8_t max_retries = 20; + uint8_t retries = 1; log_i("Attempting to connect to WPA SSID: %s", ssid); WiFi.mode(WIFI_STA); WiFi.begin(ssid, psk); - while (WiFi.status() != WL_CONNECTED) + while (WiFi.status() != WL_CONNECTED && retries <= max_retries) { delay(1000); + log_i("Connecting... (%i/%i)", retries++, max_retries); } esp_ip_address = WiFi.localIP().toString().c_str(); log_i("Connected, IP Address: %s", esp_ip_address); From d017f28254b1a948d04ca164d5da2242c9fa9ac4 Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 17:35:52 +0200 Subject: [PATCH 4/7] rule can be written to eeprom --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 50 ++++++++------------ SourceCode/arduino/lib/Firewall/Firewall.h | 23 ++++----- SourceCode/arduino/src/main.cpp | 2 +- 3 files changed, 33 insertions(+), 42 deletions(-) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index ef56373..b619878 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -57,54 +57,44 @@ firewall_target_t ESPFirewall::string_to_target(String &target) void ESPFirewall::setup_eeprom() { EEPROM.begin(this->eeprom_size); - this->eeprom_settings_head = 0; - this->amount_of_rules = EEPROM.readUChar(this->eeprom_settings_head); - this->eeprom_rules_head = sizeof(this->amount_of_rules); + this->amount_of_rules = 0; + // this->amount_of_rules = EEPROM.readUChar(this->eeprom_settings_head); log_i("Amount of Rules %i", this->amount_of_rules); } -void ESPFirewall::eeprom_write_settings() -{ - EEPROM.writeUChar(this->eeprom_settings_head, this->amount_of_rules); - EEPROM.commit(); -} - void ESPFirewall::eeprom_write_firewall_rule(firewall_rule_t *rule_ptr) { - EEPROM.writeUChar(this->eeprom_settings_head, this->amount_of_rules); + EEPROM.write(this->eeprom_settings_head, this->amount_of_rules); EEPROM.writeString(this->eeprom_rules_head, rule_ptr->source); this->eeprom_rules_head += IP4ADDR_STRLEN_MAX; EEPROM.writeString(this->eeprom_rules_head, rule_ptr->destination); this->eeprom_rules_head += IP4ADDR_STRLEN_MAX; - EEPROM.writeUChar(this->eeprom_rules_head, rule_ptr->protocol); + EEPROM.write(this->eeprom_rules_head, rule_ptr->protocol); this->eeprom_rules_head += sizeof(firewall_protocol_t); - EEPROM.writeUChar(this->eeprom_rules_head, rule_ptr->target); + EEPROM.write(this->eeprom_rules_head, rule_ptr->target); this->eeprom_rules_head += sizeof(firewall_target_t); EEPROM.commit(); - // eeprom_read_firewall_rules(); } void ESPFirewall::eeprom_read_firewall_rules() { - int eeprom_address = sizeof(this->amount_of_rules); - firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t)); - - strcpy(rule_ptr->source, EEPROM.readString(eeprom_address).c_str()); + int eeprom_address = eeprom_start_firewall_rules; + char source[IP4ADDR_STRLEN_MAX]; + char destination[IP4ADDR_STRLEN_MAX]; + strcpy(source, EEPROM.readString(eeprom_address).c_str()); eeprom_address += IP4ADDR_STRLEN_MAX; - strcpy(rule_ptr->destination, EEPROM.readString(eeprom_address).c_str()); + strcpy(destination, EEPROM.readString(eeprom_address).c_str()); eeprom_address += IP4ADDR_STRLEN_MAX; - // rule_ptr->protocol = firewall_protocol_t(EEPROM.readUChar(eeprom_address)); - // eeprom_address += sizeof(rule_ptr->protocol); - // rule_ptr->target = firewall_target_t(EEPROM.readUChar(eeprom_address)); - // eeprom_address += sizeof(rule_ptr->target); - log_i("Amount: %i, Source: %s, Destination: %s, Protocol: %s, Target: %s", + firewall_protocol_t protocol = static_cast(EEPROM.read(eeprom_address)); + eeprom_address += sizeof(firewall_protocol_t); + firewall_protocol_t target = static_cast(EEPROM.read(eeprom_address)); + eeprom_address += sizeof(firewall_target_t); + log_i("Amount: %i, Source: %s, Destination: %s, Protocol: %u, Target: %u", this->amount_of_rules, - rule_ptr->source, - rule_ptr->destination, - rule_ptr->protocol, - rule_ptr->target); - - free(rule_ptr); + source, + destination, + protocol, + target); } void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule) @@ -185,7 +175,6 @@ bool ESPFirewall::delete_rule_from_firewall(int key) } free(current_rule_ptr); this->amount_of_rules--; - this->eeprom_write_settings(); return true; } @@ -263,6 +252,7 @@ void ESPFirewall::get_firewall_rule_handler(AsyncWebServerRequest *request) void ESPFirewall::get_firewall_rules_handler(AsyncWebServerRequest *request) { + eeprom_read_firewall_rules(); String response = construct_json_firewall(); request->send(200, "application/json", response); } diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h index 1398a82..a86db42 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.h +++ b/SourceCode/arduino/lib/Firewall/Firewall.h @@ -14,18 +14,20 @@ #endif #include "ESPAsyncWebServer.h" -typedef enum +#define eeprom_start_firewall_rules 4 + +typedef enum firewall_target : uint8_t { - FW_REJECT = 0b0001, - FW_DROP = 0b0010, - FW_ACCEPT = 0b0011, + FW_REJECT = 0, + FW_DROP = 1, + FW_ACCEPT = 2, } firewall_target_t; -typedef enum +typedef enum firewall_protocol : uint8_t { - FW_TCP = 0b0001, - FW_UDP = 0b0010, - FW_ALL = 0b1111, + FW_TCP = 0, + FW_UDP = 1, + FW_ALL = 255, } firewall_protocol_t; typedef struct firewall_rule @@ -42,8 +44,8 @@ class ESPFirewall { uint16_t eeprom_size = 512; uint8_t amount_of_rules = 0; - int eeprom_settings_head; - int eeprom_rules_head; + int eeprom_settings_head = 0; + int eeprom_rules_head = eeprom_start_firewall_rules; struct firewall_rule *head = NULL; AsyncWebServer *firewall_api; @@ -56,7 +58,6 @@ class ESPFirewall // EEPROM void setup_eeprom(); - void eeprom_write_settings(); void eeprom_write_firewall_rule(firewall_rule_t *rule); void eeprom_read_firewall_rules(); diff --git a/SourceCode/arduino/src/main.cpp b/SourceCode/arduino/src/main.cpp index f01a7ad..08e942a 100644 --- a/SourceCode/arduino/src/main.cpp +++ b/SourceCode/arduino/src/main.cpp @@ -8,7 +8,7 @@ ESPFirewall *firewall; void setup_wifi() { - uint8_t max_retries = 20; + uint8_t max_retries = 10; uint8_t retries = 1; log_i("Attempting to connect to WPA SSID: %s", ssid); WiFi.mode(WIFI_STA); From 06b122de646f2c9fdb7e026e425e92037dfa64cb Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 17:46:17 +0200 Subject: [PATCH 5/7] read all firewall rules stored in eeprom --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 40 +++++++++++--------- SourceCode/arduino/lib/Firewall/Firewall.h | 1 + 2 files changed, 24 insertions(+), 17 deletions(-) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index b619878..de0cd1a 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -76,25 +76,31 @@ void ESPFirewall::eeprom_write_firewall_rule(firewall_rule_t *rule_ptr) EEPROM.commit(); } +void ESPFirewall::eeprom_read_firewall_rule(uint8_t &eeprom_address) +{ + firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t)); + strcpy(rule_ptr->source, EEPROM.readString(eeprom_address).c_str()); + eeprom_address += IP4ADDR_STRLEN_MAX; + strcpy(rule_ptr->destination, EEPROM.readString(eeprom_address).c_str()); + eeprom_address += IP4ADDR_STRLEN_MAX; + rule_ptr->protocol = static_cast(EEPROM.read(eeprom_address)); + eeprom_address += sizeof(firewall_protocol_t); + rule_ptr->target = static_cast(EEPROM.read(eeprom_address)); + eeprom_address += sizeof(firewall_target_t); + log_i("Source: %s, Destination: %s, Protocol: %u, Target: %u", + rule_ptr->source, + rule_ptr->destination, + rule_ptr->protocol, + rule_ptr->target); +} + void ESPFirewall::eeprom_read_firewall_rules() { - int eeprom_address = eeprom_start_firewall_rules; - char source[IP4ADDR_STRLEN_MAX]; - char destination[IP4ADDR_STRLEN_MAX]; - strcpy(source, EEPROM.readString(eeprom_address).c_str()); - eeprom_address += IP4ADDR_STRLEN_MAX; - strcpy(destination, EEPROM.readString(eeprom_address).c_str()); - eeprom_address += IP4ADDR_STRLEN_MAX; - firewall_protocol_t protocol = static_cast(EEPROM.read(eeprom_address)); - eeprom_address += sizeof(firewall_protocol_t); - firewall_protocol_t target = static_cast(EEPROM.read(eeprom_address)); - eeprom_address += sizeof(firewall_target_t); - log_i("Amount: %i, Source: %s, Destination: %s, Protocol: %u, Target: %u", - this->amount_of_rules, - source, - destination, - protocol, - target); + uint8_t eeprom_address = eeprom_start_firewall_rules; + for (uint8_t i = 0; i < this->amount_of_rules; i++) + { + eeprom_read_firewall_rule(eeprom_address); + } } void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h index a86db42..4e2cbcd 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.h +++ b/SourceCode/arduino/lib/Firewall/Firewall.h @@ -59,6 +59,7 @@ class ESPFirewall // EEPROM void setup_eeprom(); void eeprom_write_firewall_rule(firewall_rule_t *rule); + void eeprom_read_firewall_rule(uint8_t &); void eeprom_read_firewall_rules(); // Firewall Actions From 66dffbc2fc55d7cdd2236a9eeadfcdf496a0e6b1 Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 17:55:34 +0200 Subject: [PATCH 6/7] create firewall rule set on startup --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 30 ++++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index de0cd1a..5e18928 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -3,6 +3,7 @@ ESPFirewall::ESPFirewall(int port) { this->setup_eeprom(); + this->eeprom_read_firewall_rules(); log_i("Starting Firewall-API on %i", port); this->firewall_api = new AsyncWebServer(port); this->setup_routing(); @@ -57,9 +58,6 @@ firewall_target_t ESPFirewall::string_to_target(String &target) void ESPFirewall::setup_eeprom() { EEPROM.begin(this->eeprom_size); - this->amount_of_rules = 0; - // this->amount_of_rules = EEPROM.readUChar(this->eeprom_settings_head); - log_i("Amount of Rules %i", this->amount_of_rules); } void ESPFirewall::eeprom_write_firewall_rule(firewall_rule_t *rule_ptr) @@ -87,15 +85,18 @@ void ESPFirewall::eeprom_read_firewall_rule(uint8_t &eeprom_address) eeprom_address += sizeof(firewall_protocol_t); rule_ptr->target = static_cast(EEPROM.read(eeprom_address)); eeprom_address += sizeof(firewall_target_t); - log_i("Source: %s, Destination: %s, Protocol: %u, Target: %u", + add_rule_to_firewall(rule_ptr); + log_i("%s, %s, %s, %s", rule_ptr->source, rule_ptr->destination, - rule_ptr->protocol, - rule_ptr->target); + protocol_to_string(rule_ptr->protocol), + target_to_string(rule_ptr->target)); } void ESPFirewall::eeprom_read_firewall_rules() { + this->amount_of_rules = EEPROM.readUChar(this->eeprom_settings_head); + log_i("Amount of existing Rules %i", this->amount_of_rules); uint8_t eeprom_address = eeprom_start_firewall_rules; for (uint8_t i = 0; i < this->amount_of_rules; i++) { @@ -103,29 +104,29 @@ void ESPFirewall::eeprom_read_firewall_rules() } } -void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule) +void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule_ptr) { firewall_rule_t *temp; - if (head == NULL) + if (this->head == NULL) { - head = rule; - rule->next = NULL; + this->head = rule_ptr; + rule_ptr->next = NULL; return; } - temp = head; + temp = this->head; while (temp->next != NULL) { temp = temp->next; } - temp->next = rule; - rule->next = NULL; + temp->next = rule_ptr; + rule_ptr->next = NULL; return; } firewall_rule_t *ESPFirewall::get_rule_from_firewall(int key) { firewall_rule_t *rule_ptr = this->head; - if (head == NULL) + if (this->head == NULL) { return NULL; } @@ -258,7 +259,6 @@ void ESPFirewall::get_firewall_rule_handler(AsyncWebServerRequest *request) void ESPFirewall::get_firewall_rules_handler(AsyncWebServerRequest *request) { - eeprom_read_firewall_rules(); String response = construct_json_firewall(); request->send(200, "application/json", response); } From 4a34439fd2fa93bea4fc18dd1daa754506aa694d Mon Sep 17 00:00:00 2001 From: Florian Hoss Date: Mon, 18 Apr 2022 18:40:23 +0200 Subject: [PATCH 7/7] eeprom successfully implemented for firewall rules --- SourceCode/arduino/lib/Firewall/Firewall.cpp | 48 ++++++++++++++++---- SourceCode/arduino/lib/Firewall/Firewall.h | 9 ++-- 2 files changed, 46 insertions(+), 11 deletions(-) diff --git a/SourceCode/arduino/lib/Firewall/Firewall.cpp b/SourceCode/arduino/lib/Firewall/Firewall.cpp index 5e18928..6df0b24 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.cpp +++ b/SourceCode/arduino/lib/Firewall/Firewall.cpp @@ -3,7 +3,6 @@ ESPFirewall::ESPFirewall(int port) { this->setup_eeprom(); - this->eeprom_read_firewall_rules(); log_i("Starting Firewall-API on %i", port); this->firewall_api = new AsyncWebServer(port); this->setup_routing(); @@ -58,6 +57,18 @@ firewall_target_t ESPFirewall::string_to_target(String &target) void ESPFirewall::setup_eeprom() { EEPROM.begin(this->eeprom_size); + this->amount_of_rules = EEPROM.read(this->eeprom_settings_head); + uint8_t security_number = EEPROM.read(this->eeprom_settings_head + 1); + log_i("Amount of existing Rules %i", this->amount_of_rules); + if (this->amount_of_rules > 50 || security_number != this->security_number) + { + this->amount_of_rules = 0; + EEPROM.write(this->eeprom_settings_head, this->amount_of_rules); + EEPROM.write(this->eeprom_settings_head + 1, this->security_number); + EEPROM.commit(); + } + log_i("Amount of existing Rules %i", this->amount_of_rules); + this->eeprom_read_firewall_rules(); } void ESPFirewall::eeprom_write_firewall_rule(firewall_rule_t *rule_ptr) @@ -74,9 +85,21 @@ void ESPFirewall::eeprom_write_firewall_rule(firewall_rule_t *rule_ptr) EEPROM.commit(); } -void ESPFirewall::eeprom_read_firewall_rule(uint8_t &eeprom_address) +void ESPFirewall::eeprom_write_firewall_rules() +{ + this->eeprom_rules_head = eeprom_start_firewall_rules; + firewall_rule_t *rule_ptr = this->head; + while (rule_ptr != NULL) + { + this->eeprom_write_firewall_rule(rule_ptr); + rule_ptr = rule_ptr->next; + } +} + +void ESPFirewall::eeprom_read_firewall_rule(uint8_t &eeprom_address, uint8_t &rule_nr) { firewall_rule_t *rule_ptr = (firewall_rule_t *)malloc(sizeof(firewall_rule_t)); + rule_ptr->key = rule_nr; strcpy(rule_ptr->source, EEPROM.readString(eeprom_address).c_str()); eeprom_address += IP4ADDR_STRLEN_MAX; strcpy(rule_ptr->destination, EEPROM.readString(eeprom_address).c_str()); @@ -95,12 +118,10 @@ void ESPFirewall::eeprom_read_firewall_rule(uint8_t &eeprom_address) void ESPFirewall::eeprom_read_firewall_rules() { - this->amount_of_rules = EEPROM.readUChar(this->eeprom_settings_head); - log_i("Amount of existing Rules %i", this->amount_of_rules); uint8_t eeprom_address = eeprom_start_firewall_rules; - for (uint8_t i = 0; i < this->amount_of_rules; i++) + for (uint8_t i = 1; i <= this->amount_of_rules; i++) { - eeprom_read_firewall_rule(eeprom_address); + eeprom_read_firewall_rule(eeprom_address, i); } } @@ -123,7 +144,7 @@ void ESPFirewall::add_rule_to_firewall(firewall_rule_t *rule_ptr) return; } -firewall_rule_t *ESPFirewall::get_rule_from_firewall(int key) +firewall_rule_t *ESPFirewall::get_rule_from_firewall(uint8_t key) { firewall_rule_t *rule_ptr = this->head; if (this->head == NULL) @@ -144,7 +165,7 @@ firewall_rule_t *ESPFirewall::get_rule_from_firewall(int key) return rule_ptr; } -bool ESPFirewall::delete_rule_from_firewall(int key) +bool ESPFirewall::delete_rule_from_firewall(uint8_t key) { if (this->head == NULL) { @@ -182,6 +203,7 @@ bool ESPFirewall::delete_rule_from_firewall(int key) } free(current_rule_ptr); this->amount_of_rules--; + this->eeprom_write_firewall_rules(); return true; } @@ -191,6 +213,8 @@ void ESPFirewall::setup_routing() firewall_api->on("/api/v1/firewall", HTTP_GET, std::bind(&ESPFirewall::get_firewall_rules_handler, this, std::placeholders::_1)); firewall_api->on("/api/v1/firewall", HTTP_POST, std::bind(&ESPFirewall::post_firewall_handler, this, std::placeholders::_1)); firewall_api->on("^\\/api/v1/firewall\\/([0-9]+)$", HTTP_DELETE, std::bind(&ESPFirewall::delete_firewall_handler, this, std::placeholders::_1)); + + firewall_api->on("/api/v1/device/restart", HTTP_GET, std::bind(&ESPFirewall::restart_device_handler, this, std::placeholders::_1)); firewall_api->onNotFound(std::bind(&ESPFirewall::not_found, this, std::placeholders::_1)); this->firewall_api->begin(); } @@ -223,6 +247,7 @@ String ESPFirewall::construct_json_firewall() // Size for max 12 Rules StaticJsonDocument<2048> doc; String response; + doc["amount_of_rules"] = this->amount_of_rules; JsonArray rules = doc.createNestedArray("rules"); while (rule_ptr != NULL) { @@ -243,6 +268,13 @@ void ESPFirewall::not_found(AsyncWebServerRequest *request) json_message_response(request, "not found", 404); } +void ESPFirewall::restart_device_handler(AsyncWebServerRequest *request) +{ + json_message_response(request, "restarting device in 2 sec", 200); + sleep(2000); + esp_restart(); +} + void ESPFirewall::get_firewall_rule_handler(AsyncWebServerRequest *request) { int rule_number = request->pathArg(0).toInt(); diff --git a/SourceCode/arduino/lib/Firewall/Firewall.h b/SourceCode/arduino/lib/Firewall/Firewall.h index 4e2cbcd..65033c4 100644 --- a/SourceCode/arduino/lib/Firewall/Firewall.h +++ b/SourceCode/arduino/lib/Firewall/Firewall.h @@ -44,6 +44,7 @@ class ESPFirewall { uint16_t eeprom_size = 512; uint8_t amount_of_rules = 0; + uint8_t security_number = 93; int eeprom_settings_head = 0; int eeprom_rules_head = eeprom_start_firewall_rules; struct firewall_rule *head = NULL; @@ -59,13 +60,14 @@ class ESPFirewall // EEPROM void setup_eeprom(); void eeprom_write_firewall_rule(firewall_rule_t *rule); - void eeprom_read_firewall_rule(uint8_t &); + void eeprom_write_firewall_rules(); + void eeprom_read_firewall_rule(uint8_t &, uint8_t &); void eeprom_read_firewall_rules(); // Firewall Actions void add_rule_to_firewall(firewall_rule_t *); - firewall_rule_t *get_rule_from_firewall(int); - bool delete_rule_from_firewall(int); + firewall_rule_t *get_rule_from_firewall(uint8_t); + bool delete_rule_from_firewall(uint8_t); // Firewall-API Actions void setup_routing(); @@ -73,6 +75,7 @@ class ESPFirewall String construct_json_firewall_rule(firewall_rule_t *); String construct_json_firewall(); void not_found(AsyncWebServerRequest *); + void restart_device_handler(AsyncWebServerRequest *); void get_firewall_rule_handler(AsyncWebServerRequest *); void get_firewall_rules_handler(AsyncWebServerRequest *); bool request_has_firewall_parameter(AsyncWebServerRequest *);